Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 20

Removing a user’s access to a Hardware Password Manager device - specifications

Page 20 highlights

This tab lists any Remove User actions that have been performed on the user, including the name of the device from which the user was removed and the date and time of the last status change.

Removing a user's access to a Hardware Password Manager device

After a user has been enrolled on a Hardware Password Manager device, you can remove that enrollment if the user should no longer have access to the device. To remove a user, create a remote action that is applied to each device you specify. The user is removed from the list of users for a device the next time that device connects to the Hardware Password Manager server to update its policy.

To remove a user from a Hardware Password Manager device:

1. Click HPM Enrolled Users in the toolbox (or click Tools ➙ ThinkVantage Hardware Password Manager ➙ HPM Enrolled Users).
2. In the user list, select the user(s).
3. Click Revoke user on the toolbar.
4. In the Create Remote Action dialog box, clear the checkbox for one or more devices from which you want to remove the user.
5. Click OK.

Managing Hardware Password Manager groups

Hardware Password Manager groups link user groups (as defined in the LDAP server) with Hardware Password Manager devices. Hardware Password Manager groups are useful because they allow multiple users to access one or more devices without individually enrolling each user on each device. When a device is added to a group, all members of that group have access to the device and can use an intranet account to log in to the device.

When you open the HPM Groups tool, groups are listed in the LDAP tree view. Each group is created on your LDAP server; you cannot create a group in ThinkManagement Console. However, you can edit groups (define the group role) and drag devices into groups to associate those devices with the members of the groups.

Intranet account groups are distinguished by the role defined for the users in the group:

• User: an end user of a Hardware Password Manager device.
• Service Tech: an IT technician, authorized with limited access to the device for servicing. Access can be limited to a time frame (duration), or the technician can be authorized with a certain number of logins.
• Administrator: an administrative user authorized to access devices.

For example, all members of a group that is defined with the Service Tech role can log in to devices in the group a specified number of times. If the role is defined so the user can only log in to the device two times, access to the device expires for the user after the second login.

To edit a Hardware Password Manager group:

1. Click HPM Groups in the toolbox (or click Tools ➙ ThinkVantage Hardware Password Manager ➙ HPM Groups).
2. In the LDAP tree view, click a group name and click Edit Intranet Account Group on the toolbar. Most items in the Edit Intranet Account Group dialog box are not editable. You can select the role for the group; if you select Service Tech, you can limit the access to Hardware Password Manager devices.
3. Select the role from the combo box.
4. Select With expiration if you want to limit the access to the device for a period of time or a specific number of logins. (This applies only to Service Tech users.)

